<!DOCTYPE html>
<html>

<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
	<meta name="theme-color" content="#33474d">
	<title>防止SQL注入 | 失落的乐章</title>
	<link rel="stylesheet" href="/css/style.css" />
	
      <link rel="alternate" href="/atom.xml" title="失落的乐章" type="application/atom+xml">
    
</head>

<body>

	<header class="header">
		<nav class="header__nav">
			
				<a href="/archives" class="header__link">Archive</a>
			
				<a href="/tags" class="header__link">Tags</a>
			
				<a href="/atom.xml" class="header__link">RSS</a>
			
		</nav>
		<h1 class="header__title"><a href="/">失落的乐章</a></h1>
		<h2 class="header__subtitle">技术面前，永远都是学生。</h2>
	</header>

	<main>
		<article>
	
		<h1>防止SQL注入</h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Linux安全/">Linux安全</a>
			</span>
		
	</div>

	

	
		<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;一个恐怖的例子：</p>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;注入式攻击的详细解释SQL下面我们将以一个简单的用户登陆为例，结合代码详细解释一下SQL注入式攻击，与及他的防范措施。对于一个简单的用户登陆可能的代码如下：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div></pre></td><td class="code"><pre><div class="line">try</div><div class="line">&#123;</div><div class="line">　string strUserName = this.txtUserName.Text;</div><div class="line">　string strPwd = this.txtPwd.Text;</div><div class="line">　string strSql = <span class="string">"select * from userinfo where UserName='"</span> + strUserName + <span class="string">"' and Password='"</span> + strPwd + <span class="string">"'"</span>;</div><div class="line">　SqlConnection objDbConn = new SqlConnection(<span class="string">"数据库连接字符串"</span>);</div><div class="line">　SqlDataAdapter objAdapter = new SqlDataAdapter(strSql,objDbConn);</div><div class="line">　DataSet objDataSet = null;</div><div class="line">　objAdapter.Fill(objDataSet);//TODO 对获取的数据进行判断。</div><div class="line">&#125;</div><div class="line">catch (System.Exception e)</div><div class="line">&#123;</div><div class="line">　this.lblMsg.Text = e.Message;</div><div class="line">　this.lblMsg.Visible = <span class="literal">true</span>;</div><div class="line">&#125;</div></pre></td></tr></table></figure>
<p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;在上面这段代码中，如果用户的输入是正常的用户名和密码的话，那么执行都会比较正常，但是，假如输入用户名的时候，输入的是“johny’–”的话，在 SQLServer里面执行的语句将会是“select * from userinfo where UserName=’johny’–‘ and Password=’密码’”，只要数据库中存在johny这个用户的话，那么不管密码是什么，语句都能够执行成功，并且能够顺利通过登陆。还 有更加厉害的，我们知道SQLServer里面有一些系统的存储过程，能够执行操作系统的很多命令，比如xp_cmdshell，假如上面用户登陆的时 候，用户名部分输入的是“johny’ exec xp_cmdshell ‘format d:/s’–”，大家想想一下后果是什么？有恶意的用户，只要把’format d:/s’这个命令稍加改造就能够做很多不合法的事情。</p>
<h2 id="NET防SQL注入方法"><a href="#NET防SQL注入方法" class="headerlink" title=".NET防SQL注入方法"></a>.NET防SQL注入方法</h2><h3 id="1-利用SqlCommand传参数的方法："><a href="#1-利用SqlCommand传参数的方法：" class="headerlink" title="1.利用SqlCommand传参数的方法："></a>1.利用SqlCommand传参数的方法：</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">string strSQL=<span class="string">"SELECT * FROM [user] WHERE user_id=@id"</span>;</div><div class="line">SqlCommand cmd = new SqlCommand();</div><div class="line">cmd.CommandText = strSQL;</div><div class="line">cmd.Parameters.Add(<span class="string">"@id"</span>,SqlDbType.VarChar,20).Value=Request[<span class="string">"id"</span>].ToString();</div></pre></td></tr></table></figure>
<h3 id="2-过滤禁止运行法："><a href="#2-过滤禁止运行法：" class="headerlink" title="2.过滤禁止运行法："></a>2.过滤禁止运行法：</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div></pre></td><td class="code"><pre><div class="line">/// &lt;summary&gt;</div><div class="line">/// 过滤SQL语句,防止注入</div><div class="line">/// &lt;/summary&gt;</div><div class="line">/// &lt;param name=<span class="string">"strSql"</span>&gt;&lt;/param&gt;</div><div class="line">/// &lt;returns&gt;0 - 没有注入, 1 - 有注入 &lt;/returns&gt;</div><div class="line">public int filterSql(string sSql)</div><div class="line">&#123; </div><div class="line"> int srcLen, decLen = 0;</div><div class="line"> sSql = sSql.ToLower().Trim();</div><div class="line"> srcLen = sSql.Length;</div><div class="line"> sSql = sSql.Replace(<span class="string">"exec"</span>, <span class="string">""</span>);</div><div class="line"> sSql = sSql.Replace(<span class="string">"delete"</span>, <span class="string">""</span>);</div><div class="line"> sSql = sSql.Replace(<span class="string">"master"</span>, <span class="string">""</span>);</div><div class="line"> sSql = sSql.Replace(<span class="string">"truncate"</span>, <span class="string">""</span>);</div><div class="line"> sSql = sSql.Replace(<span class="string">"declare"</span>, <span class="string">""</span>);</div><div class="line"> sSql = sSql.Replace(<span class="string">"create"</span>, <span class="string">""</span>);</div><div class="line"> sSql = sSql.Replace(<span class="string">"xp_"</span>, <span class="string">"no"</span>);</div><div class="line"> decLen = sSql.Length;</div><div class="line"> <span class="keyword">if</span> (srcLen == decLen) <span class="built_in">return</span> 0; <span class="keyword">else</span> <span class="built_in">return</span> 1; </div><div class="line">&#125;</div></pre></td></tr></table></figure>
<h3 id="3-存储过程"><a href="#3-存储过程" class="headerlink" title="3.存储过程"></a>3.存储过程</h3><p>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;js版的防范SQL注入式攻击代码：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div></pre></td><td class="code"><pre><div class="line">&lt;script language=<span class="string">"javascript"</span>&gt;</div><div class="line">&lt;!--</div><div class="line">var url = location.search;</div><div class="line">var re=/^\?(.*)(select%20|insert%20|delete%20from%20|count\(|drop%20table|update%20truncate%20|asc\(|mid\(|char\(|xp_cmdshell|<span class="built_in">exec</span>%20master|net%20localgroup%20administrators|\<span class="string">"|:|net%20user|\|%20or%20)(.*)$/gi;</span></div><div class="line"><span class="string">var e = re.test(url);</span></div><div class="line"><span class="string">if(e) &#123;</span></div><div class="line"><span class="string"> alert("</span>地址中含有非法字符～<span class="string">");</span></div><div class="line"><span class="string"> location.href="</span>error.asp<span class="string">";</span></div><div class="line"><span class="string">&#125;</span></div><div class="line"><span class="string">//--&gt;</span></div><div class="line"><span class="string">&lt;script&gt;</span></div></pre></td></tr></table></figure>

	

	
		<span class="different-posts"><a href="/2017/10/12/Linux安全/12. 防止SQL注入/" onclick="window.history.go(-1); return false;">⬅️ Go back </a></span>

	

</article>

	</main>

	<footer class="footer">
	<div class="footer-content">
		
	      <div class="footer__element">
	<p>Hi there, <br />welcome to my Blog glad you found it. Have a look around, will you?</p>
</div>

	    
	      <div class="footer__element">
	<h5>Check out</h5>
	<ul class="footer-links">
		<li class="footer-links__link"><a href="/archives">Archive</a></li>
		
		  <li class="footer-links__link"><a href="/atom.xml">RSS</a></li>
	    
		<li class="footer-links__link"><a href="/about">about page</a></li>
		<li class="footer-links__link"><a href="/tags">Tags</a></li>
		<li class="footer-links__link"><a href="/categories">Categories</a></li>
	</ul>
</div>

	    

		<div class="footer-credit">
			<span>© 2017 失落的乐章 | Powered by <a href="https://hexo.io/">Hexo</a> | Theme <a href="https://github.com/HoverBaum/meilidu-hexo">MeiliDu</a></span>
		</div>

	</div>


</footer>



</body>

</html>
